Lucene search
K

83 matches found

CVE
CVE
added 2021/04/20 7:56 p.m.41 views

CVE-2020-7857

CVE-2020-7857 affects Tobesoft XPlatform prior to version 9.2.2.280. The issue is a command injection caused by insufficient validation of improper classes, allowing an unauthenticated attacker to execute arbitrary commands. Affected component/behavior: the XPlatform platform’s class validation l...

9.8CVSS9.6AI score0.01012EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.4 views

Tobesoft Xplatform 输入验证错误漏洞

Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS auto-setting, and multi-document interfaces. A command injection vulnerability exists in XPlatform versions prior to 9.2.2.280. The vulnerability stems from...

9.8CVSS6.1AI score0.01012EPSS
Exploits0References2
CNVD
CNVD
added 2021/03/25 12:0 a.m.7 views

Tobesoft Xplatform Code Execution Vulnerability (CNVD-2021-25270)

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. A security vulnerability exists in Tobesoft Xplatform, which stems from an unchecked offset input range...

9.8CVSS7.4AI score0.0083EPSS
Exploits0References1
OSV
OSV
added 2021/03/24 9:15 p.m.5 views

CVE-2020-7853

An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution...

9.8CVSS7.5AI score0.0083EPSS
Exploits0References1
NVD
NVD
added 2021/03/24 9:15 p.m.19 views

CVE-2020-7853

An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution...

9.8CVSS0.0083EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/03/24 8:55 p.m.17 views

CVE-2020-7853 TOBESOFT XPLATFORM Out-of-Bounds Read/Write Vulnerabilities

An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution...

5.5CVSS9.6AI score0.0083EPSS
Exploits0References1
CVE
CVE
added 2021/03/24 8:55 p.m.76 views

CVE-2020-7853

CVE-2020-7853 affects Tobesoft XPLATFORM. The vulnerability arises from an unchecked offset input range enabling out-of-bounds read/write, which can allow an attacker to achieve arbitrary code execution. Public sources (CNVD-2021-25270, CVE records) describe the same issue as an offset-range chec...

9.8CVSS7.8AI score0.0083EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.4 views

Tobesoft Xplatform 缓冲区错误漏洞

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. A security vulnerability exists in Tobesoft Xplatform, which stems from an unchecked offset input range...

9.8CVSS8.7AI score0.0083EPSS
Exploits0References2
CNVD
CNVD
added 2020/11/18 12:0 a.m.2 views

Tobesoft Xplatform Input Validation Error Vulnerability

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. TOBESOFT XPLATFORM suffers from an input validation error vulnerability that originates when a command...

8.8CVSS7.2AI score0.01512EPSS
Exploits0References1
OSV
OSV
added 2020/11/17 2:15 p.m.4 views

CVE-2020-7841

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

8.8CVSS7.5AI score0.01512EPSS
Exploits0References1
NVD
NVD
added 2020/11/17 2:15 p.m.22 views

CVE-2020-7841

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

8.8CVSS8.9AI score0.01512EPSS
Exploits0References1
Prion
Prion
added 2020/11/17 2:15 p.m.15 views

Input validation

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

6.8CVSS8.8AI score0.01512EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/17 1:4 p.m.50 views

CVE-2020-7841

TOBESOFT XPLATFORM suffers an improper input validation vulnerability that can lead to arbitrary .hta file execution when a command string starts with http://, https://, or mailto://. The CVE-2020-7841 entry is supported by multiple sources (NVD, Red Hat, CNVD) detailing this issue and its high/c...

8.8CVSS8.9AI score0.01512EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/17 1:4 p.m.22 views

CVE-2020-7841 TOBESOFT XPLATFORM arbitrary hta file execution vulnerability

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

8.8CVSS8.9AI score0.01512EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.6 views

Tobesoft Xplatform 输入验证错误漏洞

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. TOBESOFT XPLATFORM suffers from an input validation error vulnerability that originates when a command...

8.8CVSS7.5AI score0.01512EPSS
Exploits0References2
CNVD
CNVD
added 2020/07/13 12:0 a.m.2 views

Tobesoft Xplatform Injection Vulnerability

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. A security vulnerability exists in COMPONENT in TOBESOFT Xplatform 9.2.260 and earlier versions Windows...

9.8CVSS7AI score0.01194EPSS
Exploits0References1
NVD
NVD
added 2020/07/10 2:15 p.m.16 views

CVE-2020-7815

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in COMPONENT of TOBESOFT XPLATFORM allows ATTACKER/ATTACK to caus...

9.8CVSS0.01194EPSS
Exploits0References2
OSV
OSV
added 2020/07/10 2:15 p.m.3 views

CVE-2020-7815

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in COMPONENT of TOBESOFT XPLATFORM allows ATTACKER/ATTACK to caus...

9.8CVSS7.4AI score0.01194EPSS
Exploits0References2
Prion
Prion
added 2020/07/10 2:15 p.m.17 views

Design/Logic Flaw

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in COMPONENT of TOBESOFT XPLATFORM allows ATTACKER/ATTACK to caus...

7.5CVSS9.4AI score0.01194EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/10 1:5 p.m.14 views

CVE-2020-7815

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in COMPONENT of TOBESOFT XPLATFORM allows ATTACKER/ATTACK to caus...

7.8CVSS9.5AI score0.01194EPSS
Exploits0References2
Rows per page
Query Builder